Incidents
site probe Oct 05 2006 05:21PM
dso (dso moosoft com) (1 replies)
I got an interesting series of 404s on my website from
211-72-233-10.HINET-IP.hinet.net

tcnuke appears to be a Chinese web portal system like phpnuke

I usually get these kind of probes after an exploit has been found.

In order from last to first 404

/tcnuke/bbmpg12418.zip
/images/bbmpeg.html
/tcnuke/asftools310_tw.zip
/images/asftools310.exe
/tcnuke/ttpsetup_cht.exe
/tcnuke/xmplay33.zip
/tcnuke/xmplay.html
/tcnuke/player.php
/tcnuke/cwinamp5094.exe
/tcnuke/winamp53_pro.exe
/tcnuke/downloader.php?plugin=2
/tcnuke/qcd451.exe
/tcnuke/DLM_2200046_CHT.exe
/tcnuke/mmsetup_10004015c_ENU.exe
/tcnuke/3000-2167_4-10495839.html?tag=pdp_prod
/includes/iTunesSetup.exe
/includes/foobar2000_0.9.4.exe
/hc/qcd451.exe
/hc/bbmpg12418.zip
/hc/asftools310_tw.zip
/hc/FreeMeterSetup.exe
/hc/bitpro.exe
/hc/cwinamp5094.exe
/hc/winamp53_pro.exe
/hc/3000-2121_4-10492453.html
/hc/DLM_2200046_CHT.exe
/hc/mmsetup_10004015c_ENU.exe
/hc/3000-2167_4-10495839.html?tag=pdp_prod
/includes/3DMark06_v102_installer.exe
/de/
/badfs/badfs/tw2/
/support/downloads/
/products/dexp/downloads/
/arc/
/lightning/
/images/heliattack2.php
/images/view.php?nid=64
/tcnuke/d-6.htm
/FastStone-Image-Viewer/
/games/cubis2/play/
/customer/

Daniel
--
MooSoft Development Inc
http://www.moosoft.com

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

[ reply ]
Re: site probe Oct 06 2006 03:22AM
mark Hoffman (mhoffman1 iowatelecom net)


 

Privacy Statement
Copyright 2010, SecurityFocus